Binary Security and Configuration Enhancements #3199

@hicaru

Description

The current Zilliqa binary requires passing a private key directly via the command line:

./target/release/zilliqa 0x... --config-file zq2-testnet.toml

This approach is insecure as the private key is exposed in the command history and process list, making it vulnerable to unauthorized access if the user's system is compromised.

Additionally, the configuration file specifies the data_dir under the [[nodes]] section:

[[nodes]]
eth_chain_id = 33101
data_dir = "/data"

Hardcoding data_dir in the config file is inflexible, requiring users to modify the file for different environments.

Proposed Solution

  1. Private Key as Environment Variable:

    • Modify the binary to accept the private key via an environment variable (e.g., ZILLIQA_PRIVATE_KEY) instead of a command-line argument.
    • Example usage:
      export ZILLIQA_PRIVATE_KEY=0x...
      ./target/release/zilliqa --config-file zq2-testnet.toml
    • This approach prevents the private key from being exposed in command history or process lists, enhancing security.
  2. Data Directory as Command-Line Argument:

    • Add a --data-dir command-line argument to override the data_dir specified in the config file.
    • Example usage:
      ./target/release/zilliqa --config-file zq2-testnet.toml --data-dir /data
    • This improves flexibility, allowing users to specify the data directory without modifying the configuration file.

Benefits

  • Security: Using an environment variable for the private key reduces the risk of exposure.
  • Flexibility: A --data-dir argument simplifies configuration for different environments without altering the config file.

Steps to Reproduce

  1. Run the Zilliqa binary with a private key:
    ./target/release/zilliqa 0x... --config-file zq2-testnet.toml
  2. Check the process list (e.g., ps aux) or command history to see the exposed private key.
  3. Observe that changing data_dir requires editing the zq2-testnet.toml file, which is inconvenient.

Expected Behavior

  • Private key should be read from an environment variable (ZILLIQA_PRIVATE_KEY).
  • data_dir should be configurable via a --data-dir command-line argument, overriding the config file value.

Additional Context

  • The current setup is particularly risky in shared or multi-user environments where command-line arguments are logged or visible.
  • Allowing data_dir as a command-line argument aligns with common CLI tool practices for better usability.
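The argument handling the issue asks for, as an added example that is not the Zilliqa project's own code: a std-only Rust sketch that refuses a positional `0x...` key on the command line, reads the key from `ZILLIQA_PRIVATE_KEY` (the variable name and the `--data-dir` / `--config-file` flags are taken from the issue), lets `--data-dir` override the config file's `data_dir`, and redacts the key in `Debug` output so it cannot leak through logs or error messages. The `resolve` function, the `PrivateKey` and `Launch` types, and the injected `env` map are assumptions made for this example; the map stands in for the process environment so the logic can be exercised without setting a real variable.

```rust
use std::collections::HashMap;
use std::fmt;

/// Name of the environment variable proposed in the issue.
pub const KEY_ENV: &str = "ZILLIQA_PRIVATE_KEY";

/// Private key held in memory. Debug is implemented by hand so the value is
/// never printed, even when the surrounding struct is derived-Debug.
pub struct PrivateKey(String);

impl fmt::Debug for PrivateKey {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        f.write_str("PrivateKey(<redacted>)")
    }
}

impl PrivateKey {
    /// Accept only a 0x-prefixed 32-byte key (64 hex digits); anything else
    /// is rejected before it can be used.
    pub fn parse(raw: &str) -> Result<Self, String> {
        let hex = raw.strip_prefix("0x").ok_or("private key must start with 0x")?;
        if hex.len() != 64 || !hex.chars().all(|c| c.is_ascii_hexdigit()) {
            return Err("private key must be 64 hex digits after 0x".to_string());
        }
        Ok(PrivateKey(raw.to_string()))
    }
}

/// Resolved launch parameters (hypothetical type for this example).
#[derive(Debug)]
pub struct Launch {
    pub key: PrivateKey,
    pub config_file: String,
    pub data_dir: String,
}

/// `args` excludes argv[0]; `env` stands in for the process environment;
/// `file_data_dir` is the data_dir already read from the [[nodes]] section.
pub fn resolve(
    args: &[&str],
    env: &HashMap<&str, &str>,
    file_data_dir: &str,
) -> Result<Launch, String> {
    let mut config_file: Option<String> = None;
    let mut data_dir: Option<String> = None;
    let mut i = 0;
    while i < args.len() {
        match args[i] {
            "--config-file" => {
                config_file = Some(args.get(i + 1).ok_or("--config-file needs a value")?.to_string());
                i += 2;
            }
            "--data-dir" => {
                data_dir = Some(args.get(i + 1).ok_or("--data-dir needs a value")?.to_string());
                i += 2;
            }
            // A key on the command line would land in shell history and `ps`
            // output, so refuse it outright rather than silently accepting it.
            a if a.starts_with("0x") => {
                return Err(format!("refusing private key on the command line; set {KEY_ENV} instead"));
            }
            a => return Err(format!("unknown argument: {a}")),
        }
    }
    let raw = env.get(KEY_ENV).ok_or(format!("{KEY_ENV} is not set"))?;
    let key = PrivateKey::parse(raw)?;
    Ok(Launch {
        key,
        config_file: config_file.ok_or("--config-file is required")?,
        // The flag wins over the config file; otherwise keep the file's value.
        data_dir: data_dir.unwrap_or_else(|| file_data_dir.to_string()),
    })
}

fn main() {
    let args: Vec<String> = std::env::args().skip(1).collect();
    let arg_refs: Vec<&str> = args.iter().map(String::as_str).collect();
    let env_val = std::env::var(KEY_ENV).ok();
    let mut env = HashMap::new();
    if let Some(v) = env_val.as_deref() {
        env.insert(KEY_ENV, v);
    }
    // "/data" plays the role of the data_dir parsed from zq2-testnet.toml.
    match resolve(&arg_refs, &env, "/data") {
        Ok(launch) => println!("{launch:?}"), // key is printed redacted
        Err(e) => {
            eprintln!("error: {e}");
            std::process::exit(2);
        }
    }
}
```

Run with `export ZILLIQA_PRIVATE_KEY=0x...` followed by `./binary --config-file zq2-testnet.toml --data-dir /data`; the same invocation with the key as a positional argument is rejected with a message pointing at the variable. One caveat worth keeping in mind when adopting the environment-variable approach: a process's environment is still readable by the same user via `/proc/<pid>/environ`, so this removes the key from history and `ps` output but does not protect it from other processes running as that user.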
